Truvera Documentation portal
WebsiteTruvera Workspace
  • Truvera overview
    • Decentralized identity explained
    • Roadmap
    • Subscription plans & billing
  • Solutions
    • Biometric-Bound Credentials
  • Truvera Workspace
    • Create an organization profile (DID)
    • Issue verifiable credentials
      • Filtering, downloading and deleting credentials
    • Verify credentials
    • Create a schema
    • Create a design
    • Team management
      • Inviting a team member
      • Removing a team member
      • Changing team member roles
      • Data retention policies
      • Sub-accounts
    • Revoking credentials
    • Ecosystem Tools
      • Ecosystem set up
      • Ecosystem example
    • Monetizing credentials
      • Setting up monetizable credentials
    • Creating API keys and webhook endpoints
    • Transaction history
    • Custom branded distribution emails
    • Truvera Workspace release notes
      • 2025 Release notes
        • Release notes Q1 2025
      • 2024 Release notes
        • Release Notes February 2024
        • Release Notes March 2024
        • Release Notes April 2024
        • Release Notes May 2024
        • Release Notes June 2024
        • Release Notes July 2024
        • Release Notes August 2024
        • Release Notes September 2024
        • Release Notes October 2024
        • Release notes November 2024
        • Release notes December 2024
  • Truvera API
    • Getting started
    • Webhooks
      • Webhooks API endpoints
    • Sample Postman collections
      • Issue-Store-Verify sample flow
      • Create ecosystems
      • Issue monetizable credentials
      • Create sub-accounts
      • Issue OpenID credentials
    • Truvera Swagger UI
    • DIDs
    • Profiles
    • Credentials
    • Presentations
      • Proof templates
      • Proof requests
      • Other proof endpoints
    • Registries
    • Revocation Status
    • Credential Schemas
    • Jobs
    • Templates
    • Sub-accounts
    • Teams
    • Messaging
    • OpenID
      • OpenID Issuance and Verification Integration Guide
    • iden3comm
    • Ecosystem Tools
      • Trust Registry Integration Guide
      • Creating a Trust Registry
      • Inviting participants
      • Verifiers and Public info
      • Trust Registry Schemas
      • Trust Registry Proof Templates
      • Reports
      • Updating and Deleting Trust Registry
    • Issuing paid credentials (KVAC algorithm integration)
    • Data
    • Verify
    • Keys
    • Schemas
  • System architecture
    • Proposed architecture with Truvera
    • Revocation
    • System scalability
    • Security policies
    • How data is processed and stored
  • Supported standards
    • Interoperability with OpenID
  • Credential wallet
    • Create and manage DIDs in the Truvera Wallet
    • Truvera Wallet release notes
      • Release Notes 2025Q1
      • Release Notes 2024Q4
      • Release Notes 2024Q3
        • Release Notes September 2024
        • Release Notes August 2024
        • Release Notes July 2024
      • Release Notes June 2024
      • Release Notes May 2024
      • Release Notes April 2024
    • White label wallet
      • Configuration
        • Enabling and Disabling Features
        • Customizing the Styling
        • Configuring for Android Builds
        • Configuring iOS Builds
      • Publishing in App Stores
        • Android Build Testing and Publishing
        • iOS Build Testing and Publishing
    • Wallet SDK
      • Getting started
        • Example Credential
        • Presentation definition
        • Verify credentials
      • Cloud wallet
      • Biometric plugin
      • Ecosystem Tools
    • Download Truvera Wallet
  • Open source community
    • Code of Conduct
    • Truvera Credential SDK
    • Blockchain archives
      • DOCK token
        • Migration terms and conditions
  • Support
    • System Status
    • Discord
    • Support services
    • Security policy
Powered by GitBook
On this page
  • How We Process Vulnerability Reports
  • How We Categorize Security Incidents
  • Severity Level: High
  • Severity Level: Medium
  • Severity Level: Low
  • How We Communicate About Security Incidents

Was this helpful?

Edit on GitHub
  1. Support

Security policy

How We Process Vulnerability Reports

We address security concerns as a high priority, whether they are raised by our customers or reported by third parties. In order to limit the possibility that a concern could be exploited, we ask to be provided the opportunity to address security concerns before they are reported publicly. Security concerns can be privately reported to us through the Intercom support button in the bottom-right corner of Dock Certs, or by sending an email to security@truvera.io.

Our open source code bases are available for public inspection, and we love pull requests! Upon receiving a security report, we will:

  • Triage the security report within 3 business days, and respond to the reporter. The triage will consist of an initial prioritization assessment and identification of next steps.

  • Prioritize the fix for an appropriate product release, recognizing that backwards incompatible changes might not be immediately releasable.

  • Publicly disclose the vulnerability after a mitigation has been identified or a fix has been released. If such disclosure will take more than 90 days, we commit to discuss the timeline of the disclosure with the reporter.

How We Categorize Security Incidents

Severity Level: High

Any security breach where confidentiality or information integrity is compromised.

Severity Level: Medium

Identification of a significant security vulnerability with no evidence of it having been exploited.

Severity Level: Low

Other events that impact system security.

How We Communicate About Security Incidents

Our communication about security incidents will be based on the severity of the incident.

Security Level High: We will proactively notify impacted customers within 72 hours of identification.

Security Level Medium: We will include information about the security concern in the release notes of the product release that addresses the concern.

Security Level Low: No disclosure may be necessary, so communication will be adapted to the specific incident.

PreviousSupport services

Last updated 4 months ago

Was this helpful?